NIKSUN's NetDetector is highlighted in a recently published book,
entitled Incident Response by Kenneth R. van Wyk and Richard Forno. On page
119, in section 7 which addresses Network Monitors and Protocol Analyzers,
there is a write-up about NetDetector which states:

"One of the more recent, but powerful, entries into the network protocol
analyzer market is NetDetector by Niksun. Like the Sniffer product line,
it is a full-featured network protocol analyzer. Unlike the Sniffer,
though, it specializes in WAN connections and has an extremely capable
session visualization capability. In fact, in the area of session playback
and visualization, NetDetector is pretty much without peer.

NetDetector's session visualization features are truly impressive. They
include the ability to visually reconstruct web browser sessions and the
ability to quickly extract email file attachments from network data
streams. All of these things can be done using customized scripts and programs from
lower-level network analyzers, but NetDetector packages them in a very easy
to use system.

As with other network analysis products from Niksun, NetDetector
supports a wide range of physical network media on both the LAN and WAN
side. The list of supported network media includes 10/100/1000 BaseT
Ethernet, FDDI, T1, T3, and OC3.

Finally, NetDetector provides the ability to alert you (via SNMP) of
detected network activity that indicates likely intrusion activity. In
doing that, it most certainly has some intrusion detection capabilities,
but its intrusion detection features are not its strongest feature. Where
NetDetector really excels is in its network data capture and analysis
features. If you are looking for an uncompromising monitoring and playback solution, NetDetector should be at the top of your
list."

What if I just feed a "target" a few megabytes of suspicious-looking fodder and a couple hundred well-placed, calculated packets? Maybe even sending you legitimate traffic (oodles of FTP or Web at the same exact time, for example). And let's just say that all this traffic happens over a few days or weeks or even months? Record all you want... and I wish you luck finding anything I really want hidden. The only thing the "replay" might buy you, if you're lucky, is finding out how (or when) I got in... but overall it'll take you longer to find by that method than any reasonably senior/knowledgeable admin with a good "sense" about a machine, overall.

And, well, if you have to spam about it to sell it to security-minded folk, well, it must suck...